,Japan
With the update to Windows 10 v1809, three event logs that seem to be related to Windows Security Center are now recorded.
[CLSID]
- Windows.SecurityCenter.WscBrokerManager
- Windows.SecurityCenter.SecurityAppBroker
- Windows.SecurityCenter.WscDataProtection
[Guid]
- {1b562e86-b7aa-4131-badc-b6f3a001407e}
* A ~ C same Guid
The event log offers the following solutions:
"This security permission can be modified by using the Component Services administration tool."
Unfortunately,
Since "APPID: Unavailable", the APPID cannot be specified even if the component service is started.
To refresh the event viewer, you can stop recording in the event log. (PLAN-A)
Well, the main subject.
Another PC I own does not have a Windows.SecurityCenter.xxx error recorded, so I stumbled across the net in search of new information and came across information that could lead to repairs.[Repair method]
- Change the Security Center service startup type from Automatic (Delayed Start) to Automatic.
The procedure is simple, but the Security Center service startup type is grayed out and cannot be changed normally.
[Patterns A, B, C]
- Repair using ExecTI
- Repair using Registry Editor
- Stop recording event logs
Event Log
Of the three types of errors, the Windows.SecurityCenter.WscDataProtection log is posted.Replace the remaining two logs with the same characters that have been replaced with the following characters in [Windows.SecurityCenter.WscDataProtection].
- Windows.SecurityCenter.WscBrokerManager
- Windows.SecurityCenter.SecurityAppBroker
message | CLSID for application-specific permission settings Windows.SecurityCenter.WscDataProtection And APPID unusable Local launch permissions for this COM server application to user NT AUTHORITY\SYSTEM SID (S-1-5-18) at address LocalHost (using LRPC) running at application container unavailable SID (not available) You can not. This security permission can be modified using the Component Services administration tool. |
log name | system |
Source | DistributedCOM |
Event id | 10016 |
level | error |
user | SYSTEM |
Opcode | information |
Guid | {1b562e86-b7aa-4131-badc-b6f3a001407e} |
Pattern A (ExecTI)
This procedure makes use of the free software ExecTI.
ExecTI is software that can launch programs and management consoles with TrustedInstaller privileges.
External link
Related post
Normally a Windows service started cannot be modified as the drop down list next to the Security Center startup type is grayed out, but a Windows service started from ExecTI can change the Security Center startup type. ..
A snapshot of the normally started Windows service
Reference: Windows startup process
- Power on PC
- Windows starts
- Security Center starts delayed ← Error is recorded here
- The login screen is displayed
- log in
- Start process end
This is the procedure to change "Automatic (Delayed Start)" of Security Center to "Automatic".
1. Start the service
Start the service from ExecTI.- Launch ExecTI
- Type services.msc in the box next to Open
- OK Click on the
2. Security Center
Once the service has started, look for Security Center and view its properties.- Find a Security Center
- Double-click or right-click> select properties
3. Startup type
Change the startup type in the middle row to "Automatic".After change | Automatic |
Change before | Automatic (delay start) |
4. End of procedure
This completes the procedure.Restart your PC and check the Event Viewer.
Pattern B (Registry editor)
If you want to repair without using ExecTI, you can use Registry Editor.
Registry operations are at your own risk
Before working with Registry EditorMake a backup copy of your registry in case something goes wrong.
The value to search for is the Security Center service name "wscsvc".
It hits in multiple places, but the edit target is the following hierarchy.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
To change from automatic (delayed start) to automatic, set DelayedAutoStart = 0.
Pattern C (stop logging)
You can refresh the event viewer by stopping recording in the event log.
The information in this section is a simplified version of the article posted as PLAN-A, so read the related article for detailed instructions.
This procedure follows the procedure recommended by Microsoft officials as it is a way to stop logging but ignore the event while it is occurring.
It's not a fundamental solution, but it's cleaner because it reduces the number of errors displayed in the Event Viewer.
Find the following key and change the Enabled value from 1 to 0:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System\{1b562e86-b7aa-4131-badc-b6f3a001407e}
Summary
Countermeasures when Windows.SecurityCenter.WscDataProtection is recorded in the event log.- ignore
- Change the startup type
- Stop logging
About 10016 events
According to support.microsoft.comThe 10016 event is recorded when a Microsoft component tries to access a DCOM component without having the required permissions, and explains that it is the recommended action because it behaves according to Windows specifications.
Therefore,
The recommended action is to wait for the natural recovery.
SID (S-1-5-18)
I made a note of the "NT AUTHORITY\SYSTEM SID (S-1-5-18)" that was recorded in the event log.S-1-5-18 is a SID (security identifier) and is given to the built-in account (Local System) that is automatically created when Windows is installed.
Local System refers to the following accounts:
- SYSTEM
- Local Service
- Network Service
Document
Here's some tips that helped with this repair procedure:You can basically ignore the error.
The cause is that various applications are preloaded in memory in the background before the user logs in to Windows, and it is caused by insufficient privileges.
When the application is officially launched at the time of login, it has been resolved by logging in, so there should be no harm.
This is also one of the reasons you shouldn't log in until you get slow access to your storage when you start Windows.
Microsoft community
External link
Validation: Windows 10 Pro October 2018 Update, v1809.17763.503
:SC2
このサイトを検索 | Search this site